On 03/12/2018 04:30 PM, Pierre Labastie wrote:
On 12/03/2018 22:19, Pierre Labastie wrote:

In order to move to the Maven build system, I tried to rebuild an OpenJDK JVM
in a fresh LFS sytem (in a VM). There are a few problems:
- The jtreg file is updated every few days on the ci.adoptjk.net site. Result:
   the MD5sum in the book is obsolete. I suggest removing the MD5sum, there is
   no real security threat in a testsuite, is there?

I was not aware of that. There can be a security threat in any code. Bruce also had a suggestion that we host it. I'm good either way, but lean toward his suggestion.

- We pass "--with-cacerts-file=/etc/ssl/java/cacerts.jks" to configure, but if
   this is the first build of OpenJDK, it is perfectly possible that this file
   does not exist, and then the build fails. I would suggest to build it just
   after the Java binary installation.

It shouldn't be possible. The expected environment contains the file as it is part of configuring the binary install. However, I admit that the instructions being split across multiple pages is confusing. Your next suggestion works well. Sledgehammer to drive a tack, but I'm good with it. :-)

- When running /usr/sbin/make-ca --force at the end, there is no reason that
   the certdata.txt file be in the current directory. I would suggest to add
   the -g option to the command.

- Not tried yet but the last instructions should be
   "bin/keytool -list -keystore /opt/jdk/lib/security/cacerts" (in order to
   check that the JVM install is OK). And if we want to test the one in /etc,
   it should be "bin/keytool -list -keystore /etc/ssl/java/cacerts.jks" (.jks
   added at the end).

Ugh, my bad. I missed it when I flipped it.

Actually, the real test is "bin/keytool -list -cacerts"

After the symlink is in place. Even with the switch, it still installs an empty cacerts file, but the configure switch is used during the testsuite.

May I do that?

Please do.


FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Reply via email to